Tuesday's update, though, moved the Windows and Macintosh versions of Flash Player to version 11.9.900.170, and the Linux version to 11.2.202.332. Some mitigation for this type of exploit exists since Flash 11.6, which introduced a click-to-play feature that requires users to confirm the playback of Flash content embedded in documents when opened in Microsoft Office versions older than Office 2010. If exploited successfully, both vulnerabilities can lead to arbitrary code execution allowing attackers to take control of the affected systems.
A memory corruption flaw tracked as CVE-2013-5332 was also fixed. That CVE (Common Vulnerabilities and Exposures) ID refers to a type confusion vulnerability fixed in the new version of Flash Player. 'Adobe is aware of reports that an exploit designed to trick the user into opening a Microsoft Word document with malicious Flash (.swf) content exists for CVE-2013-5331,' the company said in a security advisory.
Adobe patched several vulnerabilities in its Flash Player and Shockwave Player on Tuesday, including one for which an exploit is already available.
